I don't know of any specific cases on Android, but I'm guessing it's only a matter of time, either through applications or the web itself.

Google controls most of the in app ads so I'd be surprised if anything leaked through that way. But I could see the potential with web adds though. In either case, users would have to have side-loading apk files enabled, and even if that is, users would still be prompted with a permissions / install screen should an apk file try to auto-install.

I will admit that I've not done a huge amount of security testing in Android (unlike securing Windows and Linux; which is part of my day job), but I think it's quite hard to sneak malware onto the phone itself without tricking the users into installing an apk. So the biggest threat would be more social engineering (eg porn sites that say they are only viewable via a specific Android codec) than drive-by downloads and other such attacks that silently infect the client.

Right, you could disable Java, Flash, Javascript, etc, which would probably block most ads by default, and break the web in the process.

You don't really need to disable Javascript. It shouldn't be possible for Javascript to break out of it's sandbox. I mean, obviously there will be bugs and vulnerabilities that can be exploited, but the same is true for anything that can be rendered (even the JPEG format has been known to serve malware in the past). Such vulnerabilities usually get patched pretty quickly though, so it's more a case of keeping your browser up-to-date and Java plugins disabled (Java and Flash are by far the biggest two weaknesses on a modern browser).

Actually, I was thinking more of a setting in options that says 'do not list any applications with adware'.